Flowvault · Blog
Deep dives, guides, and honest comparisons.
Long-form writing from the team: how the cryptography inside Flowvault actually works, practical walkthroughs of every feature, and no-punches-pulled comparisons against ProtectedText, Standard Notes, Bitwarden Send, Privnote, and the rest of the landscape. No marketing fluff, no SEO doorway pages — just the posts you'd want to read if you were about to trust a browser tab with a secret.
Encrypted File Send: 10 MiB self-destructing file uploads with a secure delete link
Flowvault 1.5 ships Encrypted File Send: drop a file (up to 10 MiB), pick how long it lives (max 7 days) and how many times it can be downloaded, share the link, and keep the separate secure delete link in your back pocket so you can destroy the upload at any moment. Here's exactly how it works.
Bring Your Own Storage: running Flowvault with the ciphertext on your own disk
Flowvault 1.2 adds a local-file backend: your whole encrypted vault lives as a single .flowvault file on your own disk, and our servers never see the ciphertext. Here's the exact file format, the threat-model trade-offs, and what's next (S3, WebDAV, and beyond).
Markdown preview and syntax-highlighted code, without the usual leaks
Flowvault 1.3 renders your notes as GitHub-flavored Markdown with syntax-highlighted code blocks and an Edit / Preview / Split toggle. What's unusual is what the preview refuses to do: no raw HTML, no silent external-image loads, no referrer leaks, no remote syntax-highlighting fetch. Here's exactly what we shipped and why.
The .fvault format: zero-knowledge backups for an encrypted notepad
A Flowvault backup is exactly the ciphertext the server already holds — no passwords inside, no plaintext, no accounts, and still decryptable on a self-hosted instance. Here's the exact format and why the trade-offs look the way they do.
Encrypted Send vs Bitwarden Send vs Privnote: account-less one-shot secrets compared
If you just want to share a password, an API key, or a recovery phrase once, which one-shot link service should you use in 2026? A detailed, honest comparison of Flowvault Encrypted Send, Bitwarden Send, Privnote, OneTimeSecret, PrivateBin, and 1Password Share.
Flowvault vs ProtectedText: an honest, technical head-to-head
ProtectedText has been the default zero-knowledge notepad for 15+ years. Flowvault is a newer entrant with four specific technical differences: no legacy password-keyed blob, AES-GCM instead of AES-CBC, VeraCrypt-style hidden volumes, and an open-source server. Here's the honest head-to-head.
How to use Flowvault: a complete beginner's guide to zero-knowledge notes
A practical, feature-by-feature walkthrough: your first vault, multi-tab notebooks, decoy passwords, trusted handover, time-locked notes, Encrypted Send, and zero-knowledge backup / restore. No screenshots — just the exact clicks.
Plausible deniability for notes: how Flowvault's hidden volumes actually work
Flowvault is the only browser-based encrypted notepad with VeraCrypt-style plausible deniability: multiple passwords unlock different notebooks on the same URL, and nobody can prove how many notebooks exist. Here's exactly how the format works.
Time-locked notes: writing messages you literally cannot read until a future date
A future-self letter, a scheduled disclosure, a recovery envelope — time-locked notes let you encrypt something that literally cannot be read before a target date, not even by the sender. The drand randomness beacon does the heavy lifting.
Trusted handover: giving a beneficiary access to your encrypted notes, the right way
Set up a trusted beneficiary who can decrypt your vault if you stop checking in — without telling them the password in advance, without a mandatory account, and without ever letting the server see a plaintext key.
Why I built Flowvault: an honest, zero-knowledge encrypted notepad for 2026
Every existing encrypted notepad I tried in 2026 made one or more painful compromises — legacy cipher modes, closed server code, no deniability, or a mandatory account. Here's why I wrote Flowvault instead of living with them.
Want a topic covered?
Open a discussion on GitHub or browse the FAQ and the security page for shorter-form answers.